Sony hacking: were PlayStation servers used to spread stolen data?

Following the release of confidential documents and four unreleased films, as reported by We Live Security here, the bad news for Sony continued: the company's own PlayStation servers were reportedly used to distribute the stolen data, according to The Independent.

The Register claims that the file, weighing in at 27.78GB, was seeded through BitTorrent by ‘more than 60 systems’ that appeared to be virtual servers from the Amazon EC2 cloud. However, ‘a number’ of these servers also serve websites for Sony Computer Entertainment, and some of them have SSL certificates signed by the Japanese manufacturer.

Sony Computer Entertainment is supposed to be unrelated to Sony Pictures, which has led to some speculation that the hacking is more widespread than originally feared.

Security researcher Dan Tentler has a theory as to how the two subsidiaries’ servers could be connected. Speaking to Forbes, he speculated: “A random guess? Sony is in the habit of releasing video games that are parallel to movies – like the Transformers franchise, for example. Perhaps the EC2 instances are actually shared in small part between the PlayStation Network and Sony Pictures for the promotion of the games, or transferring of image/creative assets, and someone at Sony Pictures had SSH keys for one or more of the instances, or perhaps login credentials. Think of it this way – if anyone in the organization had email correspondence with someone at the PlayStation Network and talked about keys or credentials or whatever, then the attackers would have access to that data.”

It’s possible that the files being shared by PlayStation Network servers are not indicative of the hackers having control of Sony’s servers, but of an attempt by the company to catch thieves trying to steal its content. However, all these Sony-related servers have now vanished as seeders of the BitTorrent file, so it seems plausible that the servers were indeed being used without the company’s knowledge, as the fallout from the Sony hacking continues.